News
-
CountLoader: New Russian-linked malware loader broadens post-exploitation toolkit, researchers warn
Cybersecurity researchers have identified CountLoader, a new malware loader used by Russian ransomware groups to deliver post-exploitation tools such as Cobalt Strike, AdaptixC2, and the PureHVNC RAT. The loader, observed in variants across .NET, PowerShell, and JavaScript, targets Ukrainian users with PDF phishing lures and features a BrowserVenom proxy capability, multiple download/execution methods, and a…
-
Google patches Chrome zero-day exploited in the wild; updates rolled out across Windows, macOS and Linux
Google released security updates for Chrome to fix four vulnerabilities, including a zero-day exploited in the wild (CVE-2025-10585) in the V8 engine, with patches available for Windows, macOS and Linux and guidance to update across Chromium-based browsers.
-
WatchGuard patches critical remote-code vulnerability in Firebox firewalls (CVE-2025-9242)
WatchGuard issued patches for a critical remote-code execution flaw in Firebox firewalls (CVE-2025-9242) caused by an out-of-bounds write in the Fireware OS iked process, affecting several Fireware versions; admins are urged to patch or apply temporary mitigations.
-
TA558 Deploys AI-Generated Scripts to Deliver Venom RAT, Targeting Hotels in Latin America
Kaspersky links TA558’s latest activity to the RevengeHotels cluster, where attackers use AI-generated scripts to deliver Venom RAT to hotels in Latin America through phishing emails, with goals including stealing guest credit card data and expanding their reach via AI-assisted phishing.
-
AI-assisted CopyCop disinformation network expands with hundreds of fake-news sites, researchers say
A Recorded Future Insikt Group study finds that CopyCop, a Kremlin-linked disinformation network, has expanded into hundreds of AI-generated fake-news sites, using self-hosted Llama 3 models to craft content and deepen influence across the U.S., Europe, and Canada, while funding and infrastructure details highlight the scale of the operation.
-
TA415 Uses Visual Studio Code Remote Tunnels in Targeted U.S.-China Policy Espionage Campaign
A China-aligned threat actor known as TA415 carried out spear-phishing campaigns targeting U.S. policy and economic-relations circles, using VS Code Remote Tunnels and a Python loader, WhirlCoil, to establish a persistent backdoor and harvest data amid ongoing U.S.-China trade talks, according to Proofpoint.
-
Insight Partners notifies thousands after ransomware breach, exposing personal and investor data
New York-based Insight Partners said thousands of individuals were affected by a ransomware breach that involved data exfiltration and subsequent server encryption, with notification letters and identity monitoring offered to impacted individuals and a Sept. 2025 deadline for confirming exposure.
-
Microsoft, Cloudflare Lead Disruption of RaccoonO365 Phishing Network, Seizing 338 Domains
Microsoft and Cloudflare led a coordinated takedown of the RaccoonO365 phishing-as-a-service network, seizing 338 domains and disrupting a campaign that had targeted thousands of Microsoft 365 credentials across dozens of countries. The operation highlights how criminal networks leverage legitimate internet infrastructure to facilitate credential theft, with law enforcement pursuing principal operators and affiliates alike.
-
Critical Chaos Mesh Flaws Could Allow Kubernetes Cluster Takeover; Patch Released
Cybersecurity researchers warned of four critical vulnerabilities in Chaos Mesh that could enable an in-cluster attacker to seize control of Kubernetes clusters, potentially exfiltrating data or disrupting services. Chaos Mesh issued a patch with version 2.7.3 and urges users to update or apply mitigations to limit exposure.
-
Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
